Change History (21)

In f93f7e3, we start requiring relays to have measured bandwidth in dirserv.c's dirserv_compute_performance_thresholds(). However, assigning the Exit flag shouldn't depend on having the relay's bandwidth. See dirserv.c line 1971. That may explain why turtles and moria1 assign so few Exit flags to relays. It doesn't explain the rest of this bug though.

And dirserv_thinks_router_is_unreliable(ri)'s return value is based on comparing (fast_bandwidth, which is set based on dirserv_get_credible_bandwidth()) to dirserv_get_bandwidth_for_router(ri). Is that correct?

I have some more or less untested stuff in branch bug8683_ideas. Needs review and consideration.

Looks like we're changing the meaning of fast_bandwidth to be in kilobytes rather than bytes?

We already did that as part of #8273; we just didn't do it consistently.

I think the alternative is worse, but I could be wrong.

Unexpected side effects:

The FastFlagMinThreshold consensus param will cause current clients to freak out if you set it to 4 but the clients think 4096 is the minimum.

Not really; we're changing the minimum to 4, after all, and I think clients don't even look at that value. The worst that will happen is that authorities that don't upgrade will give a warning. But authorities should upgrade. Or we could say that these thresholds are in bytes, and divide them by 1000. That's cool too.

It changes dirserv_get_flag_thresholds_line(), so Karsten's scripts to track thresholds will all need to check what version generated the line and handle it there.

For that, adding the appropriate multiplies sounds like the right thing to do.

moria1 is running this new branch. At first glance it looks like it works.

I notice that the Exit flag is now not assigned unless you have the Running flag. I think that might be different behavior from before (and doesn't make much sense to me -- but then it's not actually a bug until somebody does #8685).

Here's my theory: we set node->is_exit while router_is_active is true, and once router_is_active stops being true, we never change our opinion about is_exit.

You would think that there would then be a subtle bug where the relay changes its exit policy while staying unreachable, and then we'd mistakenly keep voting Exit. But I think when the exit policy changes, the node_t gets replaced with the new one, which starts out without the flags.

There *is* a different sort of subtle bug, where if we've never found a relay reachable, we don't vote the Exit flag for it, even if its exit policy warrants it. That happens for example when the directory authority starts up.

I just checked, and now that moria1 has been running for a while, it is in fact voting Exit-but-not-Running on some relays. So it looks like we have retained the old behavior. (I'm not sure if that's counter to the goals of #8435, since I don't know what those goals were.)